[Samba] ldapcmp failures between DC's
Rowland Penny
rpenny at samba.org
Sun Jul 2 13:55:00 UTC 2017
On Sun, 2 Jul 2017 07:11:55 -0500
Robert Wooden via samba <samba at lists.samba.org> wrote:
> I am in the process of preparing to demote a couple of (hardware)
> aging domain controllers. At moment, I have four DC's running on my
> domain.
>
> When I "ldapcmp" between any of the DC's I get failures that appear
> to be simple "typos".
>
> Like these:
>
> root at dtdc07:~# samba-tool ldapcmp ldap://dtdc03 ldap://dtdc07
> -Uadministrator
> >>>>> snipped for brevity <<<<<<<
> SUMMARY
> ---------
>
> Attributes found only in ldap://dtdc03:
>
> CN
> DC
>
> Attributes found only in ldap://dtdc07:
>
> cn
> dc
> ERROR: Compare failed: -1
>
> root at dtdc07:~# samba-tool ldapcmp ldap://dtdc03 ldap://dtdc07
> -Uadministrator domain
> >>>>> snipped for brevity <<<<<<<
> SUMMARY
> ---------
>
> Attributes found only in ldap://dtdc03:
>
> OU
> serverReferenceBL
> CN
> DC
>
> Attributes found only in ldap://dtdc07:
>
> ou
> serverReferenceBL
> cn
> dc
> ERROR: Compare failed: -1
>
>
> When I scroll back through the complete output I cannot find these
> differences. In other words they appear only in the "SUMMARY" at the
> end is each string test.
>
> Not familiar with these test, should I be concerned about theses
> differences before I demote my aging hardware DC's?
>
There is a known problem that attributes can appear as uppercase on one
DC and lowercase on another, this is nothing to worry about, as
everything works okay. If I remember correctly, this has been fixed for
new DCs, but a fix wasn't found to 'repair' (for want of a better word)
any existing uppercase attributes.
The 'serverReferencesBL' attributes are back links and possibly the
forward links have been removed and these dangling back links can also
be ignored.
Rowland
More information about the samba
mailing list